4 matches found
CVE-2021-43421
Summary: CVE-2021-43421 affects Studio-42 elFinder versions 2.0.4 through 2.1.59, where an unauthenticated file upload via connector.minimal.php enables arbitrary file uploads and PHP code execution on the server. Details from connected docs: multiple sources describe unauthenticated arbitrary fi...
CVE-2021-43421
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code...
Remote code execution
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...
CVE-2020-35235
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects product...